package org.apereo.cas.services;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.attribute.AttributeDefinition;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.authentication.attribute.DefaultAttributeDefinition;
import org.apereo.cas.authentication.attribute.DefaultAttributeDefinitionStore;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.scripting.GroovyScriptResourceCacheManager;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.support.StaticApplicationContext;

@Tag("Attributes")
/* loaded from: input_file:org/apereo/cas/services/ReturnAllowedAttributeReleasePolicyTests.class */
public class ReturnAllowedAttributeReleasePolicyTests {
    private static final File JSON_FILE = new File(FileUtils.getTempDirectoryPath(), "returnAllowedAttributeReleasePolicy.json");
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @SpringBootTest(classes = {CasPersonDirectoryTestConfiguration.class, CasCoreUtilConfiguration.class, RefreshAutoConfiguration.class}, properties = {"cas.authn.attribute-repository.attribute-definition-store.json.location=classpath:/return-allowed-definitions.json"})
    @Nested
    /* loaded from: input_file:org/apereo/cas/services/ReturnAllowedAttributeReleasePolicyTests$AttributeDefinitionsTests.class */
    public class AttributeDefinitionsTests {

        @Autowired
        @Qualifier("attributeDefinitionStore")
        private AttributeDefinitionStore attributeDefinitionStore;

        public AttributeDefinitionsTests() {
        }

        @Test
        public void verifyUnresolvedAttributes() {
            Assertions.assertNotNull(this.attributeDefinitionStore);
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy();
            returnAllowedAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"displayName"}));
            Map attributes = returnAllowedAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(CoreAuthenticationTestUtils.getRegisteredService()).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal(Map.of("cn", List.of("casuser")))).build());
            Assertions.assertEquals(1, attributes.size());
            Assertions.assertTrue(attributes.containsKey("displayName"));
        }

        @Test
        public void verifyVirtualAttributesInChain() {
            Assertions.assertNotNull(this.attributeDefinitionStore);
            RegisteredServiceAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy();
            returnAllowedAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"displayName"}));
            returnAllowedAttributeReleasePolicy.setOrder(0);
            RegisteredServiceAttributeReleasePolicy returnAllowedAttributeReleasePolicy2 = new ReturnAllowedAttributeReleasePolicy();
            returnAllowedAttributeReleasePolicy2.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"calculated-displayName"}));
            returnAllowedAttributeReleasePolicy2.setOrder(1);
            RegisteredServiceAttributeReleasePolicyContext build = RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(CoreAuthenticationTestUtils.getRegisteredService()).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal(Map.of("cn", List.of("casuser")))).build();
            ChainingAttributeReleasePolicy chainingAttributeReleasePolicy = new ChainingAttributeReleasePolicy();
            chainingAttributeReleasePolicy.addPolicies(new RegisteredServiceAttributeReleasePolicy[]{returnAllowedAttributeReleasePolicy, returnAllowedAttributeReleasePolicy2});
            Map attributes = chainingAttributeReleasePolicy.getAttributes(build);
            Assertions.assertEquals(2, attributes.size());
            Assertions.assertTrue(attributes.containsKey("displayName"));
            Assertions.assertTrue(attributes.containsKey("calculated-displayName"));
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @SpringBootTest(classes = {RefreshAutoConfiguration.class}, properties = {"cas.authn.attribute-repository.core.default-attributes-to-release=cn,mail"})
    @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
    @Nested
    /* loaded from: input_file:org/apereo/cas/services/ReturnAllowedAttributeReleasePolicyTests$DefaultTests.class */
    public class DefaultTests {

        @Autowired
        private CasConfigurationProperties casProperties;

        public DefaultTests() {
        }

        @Test
        @Order(1)
        public void verifySerializeAReturnAllowedAttributeReleasePolicyToJson() throws IOException {
            ArrayList arrayList = new ArrayList();
            arrayList.add("attributeOne");
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy(arrayList);
            returnAllowedAttributeReleasePolicy.setPrincipalIdAttribute("principalId");
            ReturnAllowedAttributeReleasePolicyTests.MAPPER.writeValue(ReturnAllowedAttributeReleasePolicyTests.JSON_FILE, returnAllowedAttributeReleasePolicy);
            Assertions.assertEquals(returnAllowedAttributeReleasePolicy, (ReturnAllowedAttributeReleasePolicy) ReturnAllowedAttributeReleasePolicyTests.MAPPER.readValue(ReturnAllowedAttributeReleasePolicyTests.JSON_FILE, ReturnAllowedAttributeReleasePolicy.class));
        }

        @Test
        @Order(2)
        public void verifyConsentable() {
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
            staticApplicationContext.refresh();
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, this.casProperties, CasConfigurationProperties.class.getSimpleName());
            ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
            ArrayList arrayList = new ArrayList();
            arrayList.add("uid");
            arrayList.add("cn");
            arrayList.add("givenName");
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy(arrayList);
            returnAllowedAttributeReleasePolicy.setConsentPolicy(new DefaultRegisteredServiceConsentPolicy(Set.of("cn"), Set.of("givenName")));
            Principal principal = CoreAuthenticationTestUtils.getPrincipal("casuser");
            RegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
            Mockito.when(registeredService.getAttributeReleasePolicy()).thenReturn(returnAllowedAttributeReleasePolicy);
            Map consentableAttributes = returnAllowedAttributeReleasePolicy.getConsentableAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(registeredService).service(CoreAuthenticationTestUtils.getService()).principal(principal).build());
            Assertions.assertEquals(1, consentableAttributes.size());
            Assertions.assertTrue(consentableAttributes.containsKey("givenName"));
        }

        @Test
        @Order(3)
        public void verifyRequestedDefinitions() {
            ArrayList arrayList = new ArrayList();
            arrayList.add("uid");
            arrayList.add("cn");
            arrayList.add("givenName");
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy(arrayList);
            Assertions.assertTrue(returnAllowedAttributeReleasePolicy.determineRequestedAttributeDefinitions(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(CoreAuthenticationTestUtils.getRegisteredService()).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal()).build()).containsAll(returnAllowedAttributeReleasePolicy.getAllowedAttributes()));
        }

        @Test
        @Order(4)
        public void verifyRequestedDefinitionsWithExistingPrincipalAttribute() {
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
            staticApplicationContext.refresh();
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, this.casProperties, CasConfigurationProperties.class.getSimpleName());
            ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
            ArrayList arrayList = new ArrayList();
            arrayList.add("custom-name");
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy(arrayList);
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, new DefaultAttributeDefinitionStore(new AttributeDefinition[]{DefaultAttributeDefinition.builder().key("customName").name("custom-name").build()}), "attributeDefinitionStore");
            Map attributes = returnAllowedAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(CoreAuthenticationTestUtils.getRegisteredService()).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal("casuser", Map.of("customName", List.of("CAS")))).build());
            Assertions.assertTrue(attributes.containsKey("custom-name"));
            Assertions.assertEquals(((List) attributes.get("custom-Name")).get(0), "CAS");
        }

        @Test
        @Order(6)
        public void verifyRequestedDefinitionsWithoutPrincipalAttribute() {
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
            staticApplicationContext.refresh();
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, this.casProperties, CasConfigurationProperties.class.getSimpleName());
            ArrayList arrayList = new ArrayList();
            arrayList.add("given-name");
            arrayList.add("uid");
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy(arrayList);
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, new DefaultAttributeDefinitionStore(new AttributeDefinition[]{DefaultAttributeDefinition.builder().key("given-name").script("groovy { return ['hello'] }").build()}), "attributeDefinitionStore");
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, GroovyScriptResourceCacheManager.class, "scriptResourceCacheManager");
            ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
            Map attributes = returnAllowedAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(CoreAuthenticationTestUtils.getRegisteredService()).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal("casuser", Map.of("uid", List.of("UID")))).build());
            Assertions.assertEquals(2, attributes.size());
            Assertions.assertTrue(attributes.containsKey("given-name"));
            Assertions.assertEquals(((List) attributes.get("given-name")).get(0), "hello");
        }

        @Test
        @Order(5)
        public void verifyDefaultAttributes() {
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
            staticApplicationContext.refresh();
            ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, this.casProperties, CasConfigurationProperties.class.getSimpleName());
            ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
            ReturnAllowedAttributeReleasePolicy returnAllowedAttributeReleasePolicy = new ReturnAllowedAttributeReleasePolicy();
            returnAllowedAttributeReleasePolicy.setPrincipalIdAttribute("principalId");
            returnAllowedAttributeReleasePolicy.postLoad();
            Principal principal = CoreAuthenticationTestUtils.getPrincipal("casuser");
            RegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
            Mockito.when(registeredService.getUsernameAttributeProvider()).thenReturn(new RegisteredServiceUsernameAttributeProvider() { // from class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicyTests.DefaultTests.1
                private static final long serialVersionUID = 6935950848419028873L;

                public String resolveUsername(Principal principal2, Service service, RegisteredService registeredService2) {
                    return principal2.getId();
                }
            });
            Map attributes = returnAllowedAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(registeredService).service(CoreAuthenticationTestUtils.getService()).principal(principal).build());
            Assertions.assertEquals(3, attributes.size());
            Assertions.assertTrue(attributes.containsKey("principalId"));
            Assertions.assertTrue(attributes.containsKey("cn"));
            Assertions.assertTrue(attributes.containsKey("mail"));
        }
    }
}
